1. Who We Are

SVECTOR TECHNOLOGIES PRIVATE LIMITED, CIN: U62011GJ2026PTC179633, is a technology company headquartered in Ahmedabad, Gujarat, India. References to "SVECTOR", "we", "us", and "our" mean SVECTOR TECHNOLOGIES PRIVATE LIMITED and its authorized affiliates, operators, personnel, contractors, and service providers, as applicable.

We build decision infrastructure software across several product families, including Foundry, Verdict or TI-Platform, Operational Intelligence Platform or OIP, Financial Intelligence, Enterprise Decision Systems, Secure Deployment Fabric, and certain legacy or archived AI products. The products may be delivered as hosted software, private cloud, customer cloud, on-premise, isolated, air-gapped, API-based, dashboard-based, or professionally managed deployments.

2. Controller and Processor Roles

We may act as a data controller, a data processor, or a service provider depending on the context.

2.1 When SVECTOR Is a Controller

We act as a controller when we determine why and how personal data is processed for our own business purposes. This includes website visits, sales inquiries, marketing, events, support communications, direct consumer Verdict accounts, candidate marketplace profiles created directly with SVECTOR, security operations, billing, account administration, legal compliance, and product analytics that we control.

2.2 When SVECTOR Is a Processor

We act as a processor or service provider when an enterprise customer controls the personal data and instructs SVECTOR to process that data through a product, dashboard, integration, API, assessment, interview, hiring project, operational workflow, financial workflow, industrial deployment, or secure deployment. In that case, the customer is normally responsible for providing notices, obtaining required consents, choosing lawful bases, validating employment uses, responding to data subject requests, and deciding how the data is used.

2.3 Enterprise Agreements Control

If you have a signed master services agreement, order form, data processing agreement, security addendum, business associate agreement, government contract, or other written agreement with SVECTOR, that agreement controls where it conflicts with this public Policy.

3. Products Covered

• Foundry: Software manufacturing, implementation, workflow generation, integration, architecture, deployment, and internal production systems used to build and deliver SVECTOR software.
• Verdict or TI-Platform: Talent intelligence, hiring, candidate marketplace, assessment, AI interview, psychometric, leadership evaluation, scorecard, resume intelligence, role-fit, career identity, and workforce decision support systems.
• OIP: Operational decision infrastructure for industrial, energy, infrastructure, logistics, telemetry, monitoring, predictive maintenance, operational visibility, readiness, and signal correlation environments.
• Financial Intelligence: Fraud detection, transaction monitoring, AML, sanctions, counterparty risk, due diligence, compliance workflow, case prioritization, audit trail, and evidence-based escalation systems.
• Enterprise Decision Systems: Cross-system decision support, document-to-decision workflows, internal search, executive visibility, workflow intelligence, reporting automation, and operational decision support.
• Secure Deployment Fabric: Private cloud, customer cloud, on-premise, isolated, air-gapped, sovereign, regulated, and restricted deployment infrastructure.
• Legacy AI Products: Historical or archived products, models, APIs, chat tools, automation tools, synthetic data tools, and related systems that may be maintained, migrated, restricted, deprecated, or discontinued.

Certain non-public, government, defence, intelligence, national security, critical infrastructure, classified, sovereign, or restricted deployments are not ordinary public products. They are governed by separate written terms, specialized security controls, and customer-specific requirements.

4. Data We Collect

We collect data directly from users, from enterprise customers, from customer systems connected to SVECTOR products, from candidates and job seekers, from authorized integrations, from devices and browsers, from service providers, and from generated system events.

4.1 Identity and Account Data

• Name, email address, phone number, login identifiers, account IDs, user IDs, and role.
• Organization, department, job title, seniority, user permissions, and account status.
• Authentication data, OAuth provider metadata, email verification status, sign-in logs, and security events.
• Profile photographs or avatars when voluntarily provided.

4.2 Enterprise and Operational Data

• Customer systems, databases, ERP data, CRM data, spreadsheets, APIs, internal tools, and documents connected by the customer.
• Workflow data, tickets, tasks, case records, escalation history, approvals, investigations, and decision records.
• Operational, industrial, sensor, telemetry, facility, asset, equipment, performance, maintenance, readiness, and incident data.
• Financial, compliance, transaction, due diligence, fraud, sanctions, counterparty, audit, and risk workflow data.
• Customer configuration, deployment environment, access policies, data residency settings, model settings, and integration settings.

4.3 Verdict Candidate and Job Seeker Data

• Full name, email, phone, profile photo, gender if provided, location, LinkedIn or social links, and candidate identifiers.
• Current role, current company, function, industry, seniority, years of experience, education, work history, certifications, and skills.
• Target role, target function, target industries, preferred cities, work mode preferences, relocation preference, notice period, and availability.
• Compensation expectations, salary range, currency, benefits expectations, and compensation privacy settings.
• Resume files, raw resume text, parsed resume fields, confidence scores, source provenance, extracted claims, gaps, conflicts, and document metadata.
• Career intelligence, executive signals, evidence density, role-fit analysis, interview strategy, deduplication signals, and AI-generated summaries.
• Candidate marketplace visibility settings, blocked company lists, profile access requests, profile view history, connection history, and network discovery settings.

4.4 Verdict Assessment and Interview Data

• Psychometric assessment answers, trait scores, competency scores, driver scores, fit scores, leadership archetypes, and consistency indicators.
• Interview session metadata, schedule, duration, participant data, role context, question sets, answer text, transcripts, evidence links, and scorecards.
• AI interview analysis, response quality, signal density, evidence gaps, suggested probes, strengths, concerns, risks, and recommendation drafts.
• Human interviewer notes, hiring manager feedback, ratings, scorecards, recommendations, and decision rationale.
• Timing data, completion data, tab switch counts, fraud prevention signals, and assessment integrity signals where enabled and disclosed.

4.5 Biometric, Audio, and Video Data

SVECTOR does not collect biometric data by default. If a product feature uses video, audio, facial analysis, voice analysis, eye tracking, proctoring, identity verification, or similar biometric processing, that feature must be clearly disclosed and subject to any required consent, written notice, retention schedule, deletion process, and alternative workflow required by law.

If enabled, biometric or media data may include video recordings, audio recordings, voice patterns, facial landmarks, expression analysis, gaze data, attention signals, camera quality metadata, and session quality indicators. Such data is treated as highly sensitive and is not sold, leased, traded, or used for unrelated purposes.

4.6 Optional Birth, Vedic, or Self-Reflection Data

Some consumer features may permit users to provide birth date, birth time, birth city, geocoded birth location, timezone, and related self-reflection data. These features are optional. They are for personal reflection, cultural, entertainment, or self-discovery experiences only. They must not be used for hiring, promotion, compensation, termination, credit, insurance, housing, education, medical, or other consequential decisions.

4.7 Employee, Bench, and Internal Leadership Data

Enterprise customers may use SVECTOR tools for internal workforce, leadership, bench, succession, or development workflows. Those workflows may process employee names, emails, roles, manager relationships, department, tenure, assessment responses, leadership scores, development recommendations, readiness indicators, retention risk indicators, and internal notes. Customers are responsible for providing employee notices, obtaining required consents, honoring labor laws, and ensuring that employee monitoring or assessment use is lawful and proportionate.

4.8 Technical, Usage, and Security Data

• IP address, browser, device type, operating system, user agent, session data, cookies, local storage data, and approximate location.
• API calls, logs, diagnostics, errors, latency, system performance, feature usage, clickstream data, and audit records.
• Security logs, authentication attempts, access history, admin actions, abuse signals, suspicious activity, and incident records.

5. Customer Data and AI Training

Customer data is not used to train general AI models by default. This includes enterprise operational data, industrial telemetry, financial data, compliance data, hiring data, interview data, candidate data, employee data, decision data, documents, confidential business data, trade secrets, and customer workflow data.

We may use customer data for the limited purpose of providing, securing, maintaining, debugging, supporting, and improving the customer's own deployment or contracted service. For example, we may process logs, diagnostics, telemetry, configuration data, performance metrics, and error data to keep the service working.

We may use aggregated or de-identified data to understand system performance, reliability, feature usage, security posture, and product quality, provided that such data is not reasonably capable of identifying a person or customer. We will not attempt to re-identify de-identified data except to test whether de-identification is effective or as allowed by law.

If a customer wants SVECTOR to use data for AI training, fine-tuning, benchmarking, model evaluation, product research, or shared model improvement, that use must be authorized through explicit written permission, an order form, a data contribution agreement, or another signed written instrument. Consent or permission may be revoked as stated in the applicable agreement. If no timeframe is specified, SVECTOR will stop using newly submitted customer data for that authorized training purpose within 30 days after verified revocation.

6. Why We Process Data

• To provide decision infrastructure products, dashboards, APIs, integrations, workflows, reports, and support.
• To connect customer data sources and surface operational, hiring, financial, compliance, or industrial signals.
• To operate Verdict assessments, interviews, candidate profiles, marketplace workflows, employer accounts, and human review workflows.
• To generate decision support outputs, evidence packages, risk indicators, summaries, explanations, scorecards, and audit records.
• To authenticate users, manage accounts, enforce permissions, provide support, process payments, and manage customer contracts.
• To monitor performance, reliability, security, abuse, fraud, unauthorized access, and system integrity.
• To comply with legal obligations, employment record obligations, tax obligations, court orders, regulatory requests, and lawful customer instructions.
• To improve products through permitted telemetry, diagnostics, feedback, de-identified data, and authorized research.
• To send service notices, security notices, legal updates, support messages, and marketing communications where permitted.

7. Legal Bases

Depending on the jurisdiction and context, we rely on one or more of the following legal bases: performance of a contract, steps taken before entering a contract, legitimate interests, consent, explicit consent for sensitive processing where required, compliance with legal obligations, protection of vital interests, public interest where legally applicable, and customer instructions where we act as a processor.

Where we process special category data, biometric data, sensitive personal information, children's data, employee monitoring data, employment assessment data, or similar high-risk data, we apply heightened safeguards and rely on the lawful basis required by applicable law.

8. Employment AI and Human Oversight

Verdict and related tools provide decision support. They do not replace qualified human judgment. Employers and enterprise customers must not use SVECTOR outputs as the sole basis for hiring, rejection, promotion, termination, compensation, disciplinary, workforce reduction, or other consequential employment decisions.

Customers using SVECTOR in employment contexts are responsible for compliance with employment, labor, equality, anti-discrimination, accessibility, automated employment decision tool, AI governance, recordkeeping, notice, consent, audit, and accommodation laws. This may include requirements under EEOC guidance, the Uniform Guidelines on Employee Selection Procedures, the ADA, NYC automated employment decision tool rules, the EU AI Act, GDPR, state privacy laws, and other applicable regimes.

Customers must evaluate whether a tool is job-related and consistent with business necessity, monitor for adverse impact, provide reasonable accommodations, offer human review where required, keep appropriate records, avoid protected characteristics, and ensure that AI outputs are interpreted by trained humans.

9. Sharing and Disclosure

We may disclose data to the following categories of recipients:

• Enterprise customers and their authorized administrators, recruiters, hiring managers, reviewers, operators, or personnel.
• Candidates, job seekers, or employers when a user requests, applies, consents, reveals identity, or participates in a workflow.
• Cloud, hosting, database, authentication, infrastructure, security, analytics, observability, email, customer support, payment, and professional service providers.
• AI, OCR, language, extraction, analysis, or model service providers where necessary to deliver the product or where authorized by customer configuration.
• Integration partners selected by a customer or user, including APIs, databases, ERP systems, HR systems, ATS systems, finance systems, industrial systems, and workflow tools.
• Auditors, lawyers, consultants, insurers, banks, advisors, and corporate transaction parties subject to confidentiality obligations.
• Government authorities, courts, regulators, law enforcement, or other parties where required by law or necessary to protect rights, safety, security, or legal interests.

We do not sell personal data for money. Some privacy laws define "sale" or "sharing" broadly to include certain advertising, analytics, or cross-context behavioral advertising activities. Where those laws apply, we will provide required opt-out mechanisms.

10. Third-Party Services

SVECTOR products may use or integrate with providers such as Google Firebase, Google OAuth, cloud hosting providers, DeepSeek, OpenRouter, OpenStreetMap Nominatim, Open-Meteo, payment processors, email providers, analytics tools, security tools, and customer-selected services. The exact provider set may vary by deployment, product, customer region, and customer configuration.

We require service providers that process personal data on our behalf to protect that data, use it only for authorized purposes, and comply with applicable data protection obligations. Customer-selected integrations may be governed by the customer's own agreement with that provider.

11. International Transfers

SVECTOR may process data in India, the United States, the European Economic Area, the United Kingdom, Singapore, the United Arab Emirates, or other jurisdictions where we, our customers, or our providers operate. Enterprise customers may choose region-specific deployments, customer cloud deployments, on-premise deployments, private cloud deployments, or air-gapped deployments where contractually available.

Where required, we use appropriate transfer safeguards such as data processing agreements, standard contractual clauses, supplementary measures, encryption, access controls, data residency commitments, or other lawful transfer mechanisms.

12. Cookies, Local Storage, and Tracking

We use cookies, local storage, pixels, logs, and similar technologies to provide authentication, security, preferences, session continuity, product functionality, analytics, performance monitoring, and, where permitted, marketing measurement. Essential cookies are required for the service to operate. Non-essential cookies are used only where permitted or consented to.

Some products may store session state, draft assessments, user preferences, cached records, or workflow context in browser storage. Users should avoid using sensitive accounts on shared devices and should log out after use. Enterprise deployments may configure stricter session, retention, and storage policies.

13. Security

We use administrative, technical, and organizational safeguards designed to protect data against unauthorized access, disclosure, alteration, and destruction. These safeguards may include encryption in transit, encryption at rest, access controls, role-based permissions, audit logs, authentication, secrets management, vulnerability review, secure deployment practices, customer isolation, data minimization, incident response, backup controls, and personnel confidentiality obligations.

No system is perfectly secure. Customers and users are responsible for protecting account credentials, enforcing appropriate permissions, configuring integrations carefully, reviewing access logs, and notifying us of suspected unauthorized access.

14. Retention

We retain data only for as long as reasonably necessary for the purpose for which it was collected, to provide the services, to comply with legal obligations, to resolve disputes, to enforce agreements, to maintain security, or as instructed by an enterprise customer.

15. Your Rights

Depending on your location and relationship with SVECTOR, you may have rights to access, correct, delete, export, restrict, object to, or withdraw consent for processing of your personal data. You may also have rights related to automated decision-making, profiling, sensitive personal information, biometric data, and marketing communications.

If SVECTOR processes your data on behalf of an enterprise customer, we may direct your request to that customer or assist the customer in responding. If SVECTOR is the controller, we will respond directly after verifying your identity.

• Access and receive a copy of personal data.
• Correct inaccurate or incomplete personal data.
• Request deletion where legally available.
• Request restriction or object to certain processing.
• Withdraw consent where processing is based on consent.
• Opt out of marketing communications.
• Request human review or contest certain automated outputs where required by law.
• Request information about categories of data, sources, purposes, recipients, and retention.

16. Regional Notices

16.1 European Economic Area, United Kingdom, and Switzerland

Where GDPR, UK GDPR, or Swiss data protection law applies, you may have rights of access, rectification, erasure, restriction, portability, objection, withdrawal of consent, and complaint to a supervisory authority. Processing of high-risk or special category data may require explicit consent, substantial public interest, employment law necessity, legal claims, or another recognized lawful condition.

16.2 California and Other United States Privacy Laws

U.S. residents may have rights to know, access, correct, delete, obtain a portable copy, opt out of sale or sharing, limit sensitive personal information, and appeal certain decisions. We do not knowingly sell or share personal data of people under 16 years old.

16.3 Illinois and Biometric Privacy

If a biometric feature is enabled for a user covered by Illinois biometric privacy law, SVECTOR or the applicable customer will provide written notice, explain the purpose and duration of collection, obtain required consent before collection, avoid sale or profit from biometric identifiers, and apply a retention and destruction schedule.

16.4 India

Where Indian law applies, we process personal data under applicable Indian data protection, information technology, contract, and sectoral requirements. We may provide additional notices, consent flows, grievance channels, or data fiduciary disclosures as required by applicable law.

17. Detailed Data Source and Use Matrix

The following matrix explains common data flows in more detail. Not every product uses every category. A signed order form, product notice, consent flow, or enterprise configuration may narrow, expand, or further restrict these uses.

We do not require users to provide optional sensitive data unless the feature clearly depends on it. When optional fields are offered, users should provide only information they are comfortable sharing and legally allowed to share.

18. Candidate, Employer, and Marketplace Visibility Controls

Verdict may include candidate marketplace, role discovery, employer search, shortlist, matching, and profile visibility features. These features can create significant professional risk if configured poorly. We therefore treat candidate visibility, employer access, and internal profile exposure as controlled data flows.

• Candidates may be offered controls for profile visibility, role interest, location preference, availability, and contact permissions.
• Candidate salary, compensation expectation, job-search intent, relocation intent, and employer-blocking preferences should not be exposed beyond the configured audience.
• Employer users may access candidate data only for authorized hiring, assessment, workforce, or talent workflows.
• Current employers may not use marketplace or mobility signals to retaliate against workers, suppress wages, block mobility, or take unlawful adverse action.
• Recruiters and hiring teams must not export, scrape, resell, enrich, or combine candidate profiles for unrelated purposes without lawful authority.
• Enterprise customers are responsible for configuring permissions so that hiring managers, interviewers, reviewers, and administrators see only the data they need.

When a candidate applies to, connects with, or accepts visibility to an employer, the employer may separately process the candidate's personal data under its own privacy notice. SVECTOR is not responsible for independent employer processing outside the SVECTOR services.

19. Automated Decision-Making, Profiling, and Contest Rights

SVECTOR products may profile, classify, rank, summarize, score, cluster, compare, or recommend data. In hiring and employment contexts, these outputs can affect how humans review candidates, prioritize interviews, identify evidence, evaluate fit, or decide next steps. These outputs must be treated as assistive and reviewable.

• SVECTOR does not instruct employers to make solely automated final employment decisions.
• Customers must provide human review, appeal, contest, or explanation processes where required by law.
• Customers must not configure systems to hide legally required explanations, notices, criteria, audit summaries, or accommodation options.
• Users may request correction of inaccurate data that materially affects an output where correction rights apply.
• Where law gives a right to opt out of certain automated decision-making or profiling, SVECTOR will honor applicable requests when we are controller and will support customers when we are processor.
• Customers must evaluate whether their use of SVECTOR tools triggers automated employment decision tool laws, bias audit requirements, notice requirements, impact assessments, or AI governance duties.

A software output may be affected by incomplete source data, inaccurate documents, vague role criteria, poor configuration, biased historical decisions, missing context, third-party data errors, or model limitations. Users should not assume that a score or ranking is an objective truth.

20. Sensitive Data and Special Category Processing

Sensitive data may include government identifiers, financial information, biometric identifiers, precise location, health information, disability accommodation information, union membership, race, ethnicity, religion, sex life, sexual orientation, political opinions, criminal history, compensation, children's data, psychometric information, and data that receives special protection under applicable law.

We do not want customers or users to submit sensitive data unless it is necessary, lawful, disclosed, and protected. Where sensitive data is required for a legitimate workflow, the party controlling the workflow must confirm the lawful basis, notices, consents, access limits, retention limits, and deletion process.

• Protected characteristics should not be used as decision factors in employment workflows unless law expressly requires or permits a narrowly tailored use.
• Accommodation data should be used only to provide accommodation, accessibility, fairness, or legally required process support.
• Criminal, credit, background, or reference data may be processed only where the customer has lawful authority and gives required notices.
• Psychometric outputs are not medical, clinical, psychiatric, disability, or therapeutic diagnoses.
• Optional cultural, Vedic, birth, astrology, self-reflection, or entertainment data must not be used for employment, credit, insurance, housing, education, medical, or other consequential eligibility decisions.

21. Biometric, Media, and Proctoring Safeguard Schedule

If a workflow uses camera, microphone, screen activity, identity verification, proctoring, voice processing, facial processing, eye tracking, liveness detection, behavior monitoring, or similar technology, the workflow must be configured with extra care.

• Users must receive any required written notice before collection begins.
• Consent must be collected where required and must be specific to the disclosed workflow.
• Retention periods must be defined before collection and should be as short as reasonably possible.
• Alternatives or accommodations must be offered where required by disability, employment, consumer, or biometric privacy laws.
• Raw biometric identifiers must not be sold, leased, traded, or used for unrelated advertising.
• Access to recordings, transcripts, images, and biometric outputs must be limited to authorized personnel with a business need.
• Deletion requests must be routed to the correct controller or processor workflow and honored where legally required.

We may reject, disable, or restrict biometric or proctoring configurations that appear unlawful, discriminatory, excessive, deceptive, or inconsistent with SVECTOR's risk controls.

22. Model, Prompt, Output, and Evaluation Governance

SVECTOR may use AI models, language models, retrieval systems, extraction models, ranking systems, scoring logic, rules engines, decision trees, embeddings, OCR, classification systems, and other automated components. Governance depends on the product, customer configuration, deployment model, and use case risk.

• Prompts, inputs, outputs, logs, and evaluation records may be stored to operate, debug, secure, audit, and improve the contracted service.
• Customer data is not used to train general AI models without explicit written permission.
• SVECTOR may use de-identified, aggregated, synthetic, or statistical information for reliability and quality where it does not reasonably identify a person or customer.
• High-risk use cases may require testing, validation, monitoring, documentation, human oversight, and customer-side approval before production use.
• Outputs may be inaccurate or incomplete and must be reviewed against source evidence before any consequential use.
• Where a model provider offers a no-training or enterprise data protection mode, SVECTOR will use the applicable mode when required by contract or product configuration.

23. Subprocessor and Vendor Governance

We evaluate vendors based on the service they provide, the sensitivity of data they process, contractual commitments, security posture, region, availability, and product need. Vendors may include cloud infrastructure, database, authentication, email, support, analytics, observability, payment, OCR, AI, geocoding, and security providers.

• Vendors processing personal data on our behalf must be bound by confidentiality and data protection obligations.
• Vendor access should be limited to the data necessary for the service function.
• Where an enterprise agreement requires subprocessor notice or objection rights, we will follow that agreement.
• Customer-selected integrations are not SVECTOR subprocessors unless SVECTOR controls their selection and processing role.
• We may replace vendors for security, reliability, availability, pricing, product, or compliance reasons, subject to any contractual notice obligations.

24. Data Quality, Minimization, and Internal Access

High-risk decision systems are only as trustworthy as their data discipline. SVECTOR applies data minimization, purpose limitation, role-based access, and auditability controls where appropriate for the product and deployment.

• Customers should submit only data needed for the configured workflow.
• Users should keep resumes, profiles, assessments, and account information accurate and current.
• Customers should avoid uploading broad data lakes, unrelated employee records, or sensitive archives unless the order form authorizes that processing.
• Internal SVECTOR access to customer environments is limited to personnel or contractors who need access for support, security, implementation, maintenance, or legal purposes.
• Administrative access may be logged, reviewed, restricted, or disabled depending on deployment model and enterprise agreement.
• We may remove or quarantine data that appears unlawful, dangerous, malicious, excessive, or outside the authorized service scope.

25. Incident Response and Security Notice

We maintain procedures designed to identify, investigate, contain, remediate, and document security incidents. The procedure may include triage, access review, log analysis, credential rotation, containment, vendor coordination, customer notice, regulator notice, user notice, and post-incident improvement.

If we determine that a security incident affects personal data or customer data for which notice is legally or contractually required, we will notify the relevant customer, user, regulator, or authority as required by applicable law and written agreement. Timing and content of notice may depend on investigation status, law enforcement instructions, security risk, and the customer's role as controller.

Users and customers must promptly notify us of suspected account compromise, unauthorized access, leaked credentials, misdirected data, suspected vulnerability, or unlawful use of the services.

26. Data Return, Deletion, De-Identification, and Backups

Deletion is handled according to the product, data category, legal role, customer instruction, retention requirement, and technical architecture. Some data can be deleted directly from active systems. Some data may persist temporarily in backups, logs, audit records, legal holds, dispute files, or security archives.

• Enterprise customers may request export or deletion according to the order form or data processing agreement.
• Candidate users may request deletion where SVECTOR is controller and may need to contact the employer where the employer controls the record.
• Security logs may be retained where needed to detect fraud, investigate abuse, comply with law, or preserve evidence.
• Aggregated or de-identified data may be retained if it no longer reasonably identifies a person or customer.
• Data under legal hold, tax recordkeeping, employment recordkeeping, dispute preservation, or regulatory obligation may be retained until the obligation ends.

27. Additional Consumer Privacy Disclosure

Some U.S. state privacy laws require disclosure of personal data categories, source categories, business purposes, and recipient categories. The table below provides a general disclosure for covered users. It is not a promise that every category is collected from every user.

We do not knowingly sell personal data for money. If a law treats certain analytics, advertising, or cross-context data sharing as a sale or sharing, we will provide required controls for covered users.

28. Privacy Request, Complaint, and Appeal Process

Privacy requests must include enough information for us to verify identity, locate the account or record, understand the request, and determine whether SVECTOR or an enterprise customer controls the data. We may ask for additional verification before disclosing, deleting, exporting, correcting, or restricting data.

• Requests involving enterprise-controlled records may be redirected to the relevant customer.
• We may deny or limit requests where law permits, including for security, fraud prevention, legal claims, contract performance, employment records, audit logs, or another person's rights.
• Authorized agents may submit requests where applicable law permits and verification requirements are met.
• Users may appeal a denial where applicable privacy law provides an appeal right.
• Complaints may be escalated to the privacy contact listed below and, where applicable, to a data protection authority or regulator.

We will not discriminate against users for exercising privacy rights, but some services may be unavailable if required data is deleted, restricted, or withheld.

29. Children

SVECTOR products are not intended for children under 13, or under 16 where that is the applicable digital consent age. We do not knowingly collect personal data from children below the applicable age without required consent. If you believe a child has provided data to us unlawfully, contact us and we will take appropriate action.

30. Changes to This Policy

We may update this Policy from time to time. If changes are material, we may provide notice by email, in-product notice, website notice, or other reasonable method. Continued use of the services after the effective date means the updated Policy applies, unless applicable law requires a different form of consent.

31. Contact

Privacy requests, legal notices, security concerns, and data protection questions may be sent to:

SVECTOR TECHNOLOGIES PRIVATE LIMITED
CIN: U62011GJ2026PTC179633
Ahmedabad, Gujarat, India
Privacy: privacy@svector.co.in
Legal: legal@svector.co.in
Support: support@svector.co.in